General

Target: QUOTE B1018530.doc
Size: 210KB
Sample: 211022-jtt88scbgj
MD5: 0d1e47f9c9e97439af102247df16e32f
SHA1: e6c179251a9ced22d13c32d8f3e7bc148347bbf1
SHA256: 5e719cefe52f3351eeb10b2aa74d5454493bd1365ca8258867ffa2affe8a17b3
SHA512: 4fb9412ded80376d952254fb00bca9e3faae3a9ab5d8d0ae402c2a57546bd8c6569245fb79506cb210ea9c2c3d5d1bf6b8c836261f7384142341a269268d183c

Static task: static1

Behavioral task: behavioral1
Sample: QUOTE B1018530.doc
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: QUOTE B1018530.doc
Resource: win10-en-20211014
Malware Config

Extracted
Family: formbook
Version: 4.1
Campaign ID: mxwf
C2: http://www.zahnimplantatangebotede.com/mxwf/
Decoy domains (64; the bot also contacts these, and most are ordinary legitimate sites, so a bare hit on one of them is not on its own evidence of infection):
orders-cialis.info
auctionorbuy.com
meanmugsamore.com
yachtcrewmark.com
sacredkashilifestudio.net
themintyard.com
bragafoods.com
sierp.com
hausofdeme.com
anthonyjames915.com
bajardepesoencasa.com
marciaroyal.com
earringlifter.com
dsdjfhd9ddksa1as.info
bmzproekt.com
employmentbc.com
ptsdtreatment.space
vrchance.com
cnrongding.com
welovelit.com
intercourierdelivery.services
ianwhitewrite.com
afcerd.com
beneficiodemedicare.com
gatel3ess.com
salesnksportswt.top
thewellnessloft365.com
totensa.com
jessicatheisen.com
snowtographers.com
executrainpr.com
puttypaw.com
popcorntimeipad.com
heyconi.com
llanoresources.com
ibusinesshero.com
1euro1ad.com
sparkleeapp.com
zhuxiugyh.com
calvinmaphoto.com
bjmaomao.com
isaacfujiki.com
zipwhipper.com
kontrollstutzen.com
hannaheason.media
zgcbw.net
letteringdagabi.com
kitefabrics.com
andherieastoffices.com
thewellnesstravelcompany.info
ohio.works
beacharita.com
alphamillls.com
sassandvinegar.com
usauber.com
ceylonherbslk.com
richardggreenhill.com
groupdae.com
jupiterccc.com
indoovo.com
sunnytheodora.com
gxpgfz.com
shoppandaxpress.com
heiboard.com
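The following Python is an added example, not part of this sandbox report and not code from any tool the report names. It turns the indicators above into two offline checks: confirming that a file on disk is really the sample this report describes (its digests must equal the four hashes listed under General), and scanning web-proxy log lines for the FormBook check-in pattern while telling the real C2 host apart from the decoy domains. The hashes, C2 URL, campaign path and decoy list are copied from the report; the proxy log format (timestamp, client IP, method, URL, status per line) and the sample log lines are constructed for the example and are assumptions, not traffic from the report.

```python
"""Added example: offline checks built from this report's IOCs (not the report's own code)."""
import hashlib
import re
from urllib.parse import urlsplit

# Digests of QUOTE B1018530.doc as listed in the report.
REPORT_HASHES = {
    "md5": "0d1e47f9c9e97439af102247df16e32f",
    "sha1": "e6c179251a9ced22d13c32d8f3e7bc148347bbf1",
    "sha256": "5e719cefe52f3351eeb10b2aa74d5454493bd1365ca8258867ffa2affe8a17b3",
    "sha512": "4fb9412ded80376d952254fb00bca9e3faae3a9ab5d8d0ae402c2a57546bd8c6569245fb79506cb210ea9c2c3d5d1bf6b8c836261f7384142341a269268d183c",
}

# Extracted FormBook 4.1 config from the report. The C2 URL's path is the
# campaign ID (mxwf); the decoys are other domains the bot contacts.
C2_URL = "http://www.zahnimplantatangebotede.com/mxwf/"
CAMPAIGN_PATH = "/mxwf/"
DECOY_DOMAINS = frozenset("""
orders-cialis.info auctionorbuy.com meanmugsamore.com yachtcrewmark.com sacredkashilifestudio.net themintyard.com bragafoods.com sierp.com
hausofdeme.com anthonyjames915.com bajardepesoencasa.com marciaroyal.com earringlifter.com dsdjfhd9ddksa1as.info bmzproekt.com employmentbc.com
ptsdtreatment.space vrchance.com cnrongding.com welovelit.com intercourierdelivery.services ianwhitewrite.com afcerd.com beneficiodemedicare.com
gatel3ess.com salesnksportswt.top thewellnessloft365.com totensa.com jessicatheisen.com snowtographers.com executrainpr.com puttypaw.com
popcorntimeipad.com heyconi.com llanoresources.com ibusinesshero.com 1euro1ad.com sparkleeapp.com zhuxiugyh.com calvinmaphoto.com
bjmaomao.com isaacfujiki.com zipwhipper.com kontrollstutzen.com hannaheason.media zgcbw.net letteringdagabi.com kitefabrics.com
andherieastoffices.com thewellnesstravelcompany.info ohio.works beacharita.com alphamillls.com sassandvinegar.com usauber.com ceylonherbslk.com
richardggreenhill.com groupdae.com jupiterccc.com indoovo.com sunnytheodora.com gxpgfz.com shoppandaxpress.com heiboard.com
""".split())


def sample_hash_matches(data: bytes) -> dict:
    """Per algorithm: does `data` hash to the value the report lists?"""
    return {name: hashlib.new(name, data).hexdigest() == digest
            for name, digest in REPORT_HASHES.items()}


def normalize_host(netloc: str) -> str:
    """Lower-case, drop userinfo and port, strip a leading 'www.' so hosts
    compare against the bare domains in the decoy list."""
    host = netloc.lower().rsplit("@", 1)[-1].split(":", 1)[0]
    return host[4:] if host.startswith("www.") else host


C2_HOST = normalize_host(urlsplit(C2_URL).netloc)


def classify_request(url: str):
    """Classify one requested URL against the extracted config.

    c2-checkin    : C2 host with the campaign path -> infection confirmed
    decoy-checkin : decoy domain with the campaign path -> bot's decoy
                    traffic, also confirms infection
    c2-host       : C2 host, other path
    decoy-host    : decoy domain, other path -> probably normal browsing,
                    since the decoys are mostly legitimate sites
    None          : not an IOC
    """
    parts = urlsplit(url)
    host = normalize_host(parts.netloc)
    on_campaign_path = parts.path.startswith(CAMPAIGN_PATH)
    if host == C2_HOST:
        return "c2-checkin" if on_campaign_path else "c2-host"
    if host in DECOY_DOMAINS:
        return "decoy-checkin" if on_campaign_path else "decoy-host"
    return None


# Constructed (assumed) log format: "<timestamp> <client> <method> <url> <status>".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def scan_proxy_log(lines):
    """One hit per line that touches an IOC; unparsable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        verdict = classify_request(m["url"])
        if verdict is None:
            continue
        hits.append({"ts": m["ts"], "client": m["client"],
                     "host": normalize_host(urlsplit(m["url"]).netloc),
                     "verdict": verdict})
    return hits


def infected_clients(hits):
    """Sorted clients that issued a check-in (campaign-path) request."""
    return sorted({h["client"] for h in hits if h["verdict"].endswith("-checkin")})


# Constructed sample log lines for the example; not traffic from the report.
SAMPLE_LOG = [
    "2021-10-22T10:14:03Z 10.0.0.5 GET http://www.zahnimplantatangebotede.com/mxwf/ 200",
    "2021-10-22T10:14:09Z 10.0.0.5 GET http://www.auctionorbuy.com/mxwf/ 404",
    "2021-10-22T10:15:01Z 10.0.0.7 GET https://www.example.com/ 200",
    "2021-10-22T10:15:30Z 10.0.0.9 GET http://themintyard.com/about 200",
    "2021-10-22T10:16:02Z 10.0.0.5 GET http://www.kitefabrics.com/mxwf/ 404",
    "this line does not parse",
]

if __name__ == "__main__":
    hits = scan_proxy_log(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("clients with check-in traffic:", infected_clients(hits))
```

Only the "-checkin" verdicts should page anyone: the decoy domains are mostly real businesses, so matching on domain alone produces a false positive every time a user visits one of them, whereas a request for the campaign path on any listed domain is the bot's own pattern. If your sample does not pass `sample_hash_matches`, the config and domain list on this page may not apply to it.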
Targets

Target: QUOTE B1018530.doc (210KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- suricata: ET MALWARE FormBook CnC Checkin (GET) (2 hits)
- Formbook Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext